audit-site

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to crawl arbitrary public websites via start_crawl({ url: ... }) and then read/analyze observations with get_observations/get_findings, meaning it ingests untrusted third‑party web content (public pages, network logs, console output) that can materially influence findings and subsequent actions.